[dnsdist] Vulnerability Disclosure: Critical Cache Poisoning in DNSDist (SHAR Attack)
Otto Moerbeek
otto.moerbeek at powerdns.com
Wed Aug 20 06:57:15 UTC 2025
1. This report is not following responsible disclosure in any way as it is sent to a public mailing list. We saw you also sent a similar report to other public mailing list. This is very bad practice.
2. We do not think the report has merit, read https://www.dnsdist.org/guides/downstreams.html#securing-the-path-to-the-backend for the reasons.
Regards,
-Otto
--
kind regards,
Otto Moerbeek
Senior Developer PowerDNS
Phone: +49 2761 75252 00 Fax: +49 2761 75252 30
Email: otto.moerbeek at open-xchange.com
-------------------------------------------------------------------------------------
Open-Xchange AG, Hohenzollernring 72, 50672 Cologne, District Court Cologne HRB 95366
Managing Board: Andreas Gauger, Dirk Valbert, Frank Hoberg, Stephan Martin
Chairman of the Board: Dr. Paul-Josef Patt
PowerDNS.COM BV, Koninginnegracht 5, 2514 AA Den Haag, The Netherlands
Managing Director: Robert Brandt
-------------------------------------------------------------------------------------